Jailbreak iPhone 3GS on iOS 4.0.2 with PwnageTool [How to Guide]

The unofficial release of PwnageTool for jailbreaking iOS 4.0.2 is now out in the wild. It can jailbreak iPhone 3GS (with old bootrom only) using iOS 4.0.2 custom firmware. There is of course no need to update to iOS 4.0.2 if you have iOS 4.0.1 (jailbroken using JailbreakMe) and PDF Patch installed from Cydia. But in case you have accidentally updated your iPhone 3GS (with old bootrom) to iOS 4.0.2, you can jailbreak it again using this version of PwnageTool for Mac.

Oh and if you have saved your SHSH blobs, you may want to check out the guide posted here instead to downgrade your iPhone or iPod touch from iOS 4.0.2 back to iOS 4.0.1 / 4.0 so that you can jailbreak it again with JailbreakMe.

Step 2: Now start iTunes and sync your iPhone with your PC or Mac so that it backs up all your important data including settings, apps, music, contacts and photos.

Step 3: Download PwnageTool (http://www.megaupload.com/?d=63NSJXYL) and the original iOS 4.0.2 for your version of iPhone (download link given below). Move all these files to your desktop.

Step 4: Start PwnageTool and select your device:

Step 5: PwnageTool will now automatically detect the correct firmware for your device as shown in the screenshot below:

Step 6: Click on "No" when PwnageTool asks you “Do you have an iPhone contract that would activate normally through iTunes?”:

Clicking on “Yes” will update your baseband to the latest version. Click on “Yes” only if you are on an officially supported carrier like AT&T.

Step 7: PwnageTool will now create the custom .ipsw file for your iPhone which will be jailbroken.

The following “ihaz Success” screen will confirm that the requested .ipsw file has been created successfully.

Step 8: Once the .ipsw file has been created, you will have to extract it in order to add the kernelcache.release.n88 file, which is included with the PwnageTool download from Step 3 above.

To extract the .ipsw file, first rename its extension from .ipsw to .zip and then extract the resulting .zip file, as shown in the screenshot below.

You should now have a new folder named “iPhone2,1_4.0.2_8A400_Custom_Restore”

Open this folder and replace the kernelcache.release.n88 file in it with the one you downloaded in Step 3 above.

Now you will have to convert this folder back to a .zip file. To do this, select all the files in “iPhone2,1_4.0.2_8A400_Custom_Restore”, right click on one of the files and click on “Compress 6 items” as shown below.

You should now have an “Archive.zip” file in the “iPhone2,1_4.0.2_8A400_Custom_Restore” folder. Simply rename this file to “Archive.ipsw” and you are done!

Step 9: You will now have to restore your iPhone to this custom firmware 4.0.2 (Archive.ipsw) file. Start iTunes and click on your phone icon in the iTunes sidebar. Now press and hold the left “alt” button (“Shift” button on Windows) on the keyboard, click on the “Restore” button (not “Update” or “Check for Update”) in iTunes, and then release the key.

This will make iTunes prompt you to select the location for your custom firmware 4.0.2 file. Select the required custom .ipsw file and click on “Open”.

Step 10: Now sit back and enjoy as iTunes does the rest for you. This will involve a series of automated steps. Be patient at this stage and don’t do anything silly. Just wait while iTunes installs the new firmware 4.0.2 on your iPhone. Your iPhone screen at this point will be showing a progress bar indicating installation progress. After the installation is done, iPhone will restart automatically and you should now have a fully jailbroken iPhone running on iOS 4.0.2.

NOTE: If iTunes throws a 1004 or 1015 error at you, this is normal. Just ignore the error, as the firmware has already been successfully installed on the device. But your iPhone at this point will be stuck in Recovery Mode, showing the “Connect to iTunes” screen.

To exit your device from Recovery Mode, download this program called TinyUmbrella (Windows / Mac). Run it and then click on the “Kick Device Out of Recovery” button. Your device will now restart normally.

In case the Cydia icon on the homescreen is in white with no repositories added, simply add http://apt.saurik.com/cydia-3.7 repo in Cydia to get going!

Step 11: Once you are done with the unlocking and jailbreak process, you can restore all your settings, apps, music, contacts and photos to the newly installed firmware version 4.0.2 by restoring the backup that you made in Step 2 from iTunes.
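An added example, not part of the original guide or of PwnageTool: because an .ipsw is a ZIP archive (Step 8), the repacked Archive.ipsw can be compared member by member against the PwnageTool output before the restore in Step 9, to confirm that only kernelcache.release.n88 changed and that no paths were nested, added or dropped. The function names are illustrative, and the sample archives (member names other than kernelcache.release.n88, and all contents) are constructed.

```python
import hashlib
import io
import zipfile


def member_hashes(ipsw):
    """Map each file inside an .ipsw (a ZIP archive) to its SHA-256 digest."""
    with zipfile.ZipFile(ipsw) as zf:
        return {info.filename: hashlib.sha256(zf.read(info)).hexdigest()
                for info in zf.infolist() if not info.is_dir()}


def diff_ipsw(before, after):
    """Return (added, removed, modified) member names between two archives."""
    a, b = member_hashes(before), member_hashes(after)
    added = sorted(b.keys() - a.keys())
    removed = sorted(a.keys() - b.keys())
    modified = sorted(n for n in a.keys() & b.keys() if a[n] != b[n])
    return added, removed, modified


def repack_is_clean(before, after, expected="kernelcache.release.n88"):
    """True only if the repack changed the expected member and nothing else."""
    return diff_ipsw(before, after) == ([], [], [expected])


def sample_archive(members, prefix=""):
    """Build a constructed in-memory archive standing in for an .ipsw."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(prefix + name, data)
    buf.seek(0)
    return buf


# Constructed stand-ins, not real firmware contents.
ORIGINAL = {"kernelcache.release.n88": b"kernel-A",
            "Restore.plist": b"plist",
            "BuildManifest.plist": b"manifest"}
PATCHED = dict(ORIGINAL, **{"kernelcache.release.n88": b"kernel-B"})

if __name__ == "__main__":
    print(repack_is_clean(sample_archive(ORIGINAL), sample_archive(PATCHED)))
    # Compressing the folder itself instead of its contents nests every path,
    # so every member shows up as removed and re-added under the folder name.
    nested = sample_archive(PATCHED, "iPhone2,1_4.0.2_8A400_Custom_Restore/")
    print(diff_ipsw(sample_archive(ORIGINAL), nested))
```

With real files, pass the two archive paths to `diff_ipsw` in place of the in-memory samples.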

If you are an iPhone 3G user, you can follow the complete step by step guide posted here to jailbreak your iOS device using Redsn0w, and then unlock it using Ultrasn0w on any baseband (including 05.13.04 and 05.12.01).

UPDATE 1 (September 5, 2010): The guide above has been updated. If it didn’t work for you previously, you might like to give another go at it. I have tested it and can confirm that it works on my iPhone 3GS (old bootrom) on iOS 4.0.2.

Disclaimer: Since this is an unofficial release, I won’t recommend using it as it may have bugs that in some cases might result in malfunctioning of your iPhone. This guide is for testing & educational purposes only. Follow it at your own risk. I’m not responsible for any loss of important data or malfunctioning of your iPhone.

i just got myself the same error 1603 or 1604 after i tried all the ways that posted up there. did not work for me 🙁 guides?

emi

iphone freezes after click on restore , a terminal appears on the screen saying : panic: we are hanging here…uation: 0x8 … after a while itunes gives error 1603 …
please help

Bammeh

I got the new kernel into the custom firmware, itunes accepted it, but it hangs on “Preparing to Restore iPhone” and then i get a 16XX error.

Any help?

Valentinethien

after download the tools, where is the tool file?

Lalit

Can anybody provide details? I'm having an iPhone 3GS with 4.0.2 running. I don't have an SHSH blob file anywhere. Can I still unlock? Help is appreciated.

Pg5mbit

explain yourself……

xkon

When do you add the kernelcache.release.n88 file? Is it before you create the restore ipsw, or after PwnageTool has created the custom restore ipsw?

Sp

Need PC version please

Djmarkneuk

hmmmmm when I followed these steps, the iphone was in the sidebar but the window just said iphone, and nothing else….any ideas ????????

Me

DOES NOT WORK.

Sadool

Does this work with the iPod 2G with the new bootrom (MC model)?

Ryk911

Me too, it hung on stage 9, then had to restore proper with itunes…

McBosch

Yep, same here…

juz

i give up. every time i do this, during Step 9, my iphone restarts and just displays a “connect to itunes” screen. Itunes just says “preparing iphone for restore..” and it hangs there. Doesn’t matter if I reboot, unplug, whatever. It’s crashed and I have to restore and try again.

SB

you have asked to download pwnage from the link, but how does the tool open as shown in the second diagram

SB

i had the same problem, try removing the sim inserted and then connect the iphone and let the itunes open directly

Backwards_nam

old bootrom , checked with forecast, 4.0.2, replaced the kernel after creating a custom firmware, 1604 1600 errors with recovery or dfu